smokeloader | 48db802f0acdb7560ccb995cf865f00c00807406ba66e73a1372a27e042e3af6 | Triage

Sharing

General

Target

48db802f0acdb7560ccb995cf865f00c00807406ba66e73a1372a27e042e3af6
Size

241KB
Sample

220127-cctstadghq
MD5

2bf5168e984b76a1cfa7d64da30f3dd3
SHA1

3b95210d378724bd9752a18ae18c1300c543f5dc
SHA256

48db802f0acdb7560ccb995cf865f00c00807406ba66e73a1372a27e042e3af6
SHA512

abcda45e2fd6f9fc387045d84f691854b1bd26ac8b35adbe29999b0021e2e1d9da09ba121a361856bba1a4e00a9c1af075951250bdef319096d662836331e060

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  48db802f0acdb7560ccb995cf865f00c00807406ba66e73a1372a27e042e3af6
- Size
  
  241KB
- MD5
  
  2bf5168e984b76a1cfa7d64da30f3dd3
- SHA1
  
  3b95210d378724bd9752a18ae18c1300c543f5dc
- SHA256
  
  48db802f0acdb7560ccb995cf865f00c00807406ba66e73a1372a27e042e3af6
- SHA512
  
  abcda45e2fd6f9fc387045d84f691854b1bd26ac8b35adbe29999b0021e2e1d9da09ba121a361856bba1a4e00a9c1af075951250bdef319096d662836331e060
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan